this post was submitted on 19 Nov 2023
92 points (96.0% liked)

Android

17235 readers
116 users here now

The new home of /r/Android on Lemmy and the Fediverse!

Android news, reviews, tips, and discussions about rooting, tutorials, and apps.

🔗Universal Link: [email protected]

💡Content Philosophy:

Content which benefits the community (news, rumours, and discussions) is generally allowed and is valued over content which benefits only the individual (technical questions, help buying/selling, rants, self-promotion, etc.) which will be removed if it's in violation of the rules.

Support, technical, or app related questions belong in: [email protected]

For fresh communities, lemmy apps, and instance updates: [email protected]

💬Matrix Chat

💬Telegram channels / chats

📰Our communities below

Rules

  1. Stay on topic: All posts should be related to the Android OS or ecosystem.

  2. No support questions, recommendation requests, rants, or bug reports: Posts must benefit the community rather than the individual. Please post to [email protected].

  3. Describe images/videos, no memes: Please include a text description when sharing images or videos. Post memes to [email protected].

  4. No self-promotion spam: Active community members can post their apps if they answer any questions in the comments. Please do not post links to your own website, YouTube, blog content, or communities.

  5. No reposts or rehosted content: Share only the original source of an article, unless it's not available in English or requires logging in (like Twitter). Avoid reposting the same topic from other sources.

  6. No editorializing titles: You can add the author or website's name if helpful, but keep article titles unchanged.

  7. No piracy or unverified APKs: Do not share links or direct people to pirated content or unverified APKs, which may contain malicious code.

  8. No unauthorized polls, bots, or giveaways: Do not create polls, use bots, or organize giveaways without first contacting mods for approval.

  9. No offensive or low-effort content: Don't post offensive or unhelpful content. Keep it civil and friendly!

  10. No affiliate links: Posting affiliate links is not allowed.

Quick Links

Our Communities

Lemmy App List

Chat and More

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
92
Nothing pulls its iMessage app from the Play Store following privacy disaster (www.androidpolice.com)
submitted 9 months ago by [email protected] to c/[email protected]
10 comments fedilink hide all child comments
top 10 comments
sorted by: hot top controversial new old
[–] [email protected] 41 points 9 months ago (1 children)

Ah so another day of sales falsely advertising something as "end to end encrypted" when they have no effing clue how it works.

However then for the devs... HTTP still? How did that happen? I'm usually very forgiving for engineers (I am one, why I'm salty about sales), but these are pretty jr level issues. Unless... the offshored it or only hired jrs then I completely see how it happened.

[–] [email protected] 7 points 9 months ago (1 children)

However then for the devs... HTTP still? How did that happen?

There is a specific mindset that comes with this decision: It's called laziness.

While I could talk for hours about this particular problem and how company culture and structure rewards bad behavior, I'll spare you the details.

[–] [email protected] 2 points 9 months ago (1 children)

It could be. It could also be a bunch of cheaper junior devs who have never done devops. I've had to teach a lot of fresh engineers about devops because while they can code, they've never had to deploy a service before.

[–] [email protected] 6 points 9 months ago* (last edited 9 months ago) (1 children)

While I don't work specifically in dev, I have worked in security for way too long and totally understand what you mean. (I am too old and too salty to work in this field anymore, to be honest. Technology has changed, vulnerabilities are still wild and different but security as a whole? It has been mostly the same.)

I personally wouldn't expect a jr. developer to clearly articulate a possible security problem to their manager. It's hard, to be honest. That could be part of the issue as well.

The laziness I am referring to can happen at any level and in hundreds of different situations. To your point, some people "simply don't know what they don't know" and may be just an honest mistake.

[–] [email protected] 3 points 9 months ago

That's really what I expect, to me I see this all as young engineers pushed to finish as fast as they could, didn't know any better, and no one thought of granting any time for the devops pipeline to be shored up.

Which of course then falls on leadership for thinking they could take the cheap way out and not listen to their engineers. Any senior or higher would be screaming about the vulnerabilities, so leadership either didn't listen (ego and greedy) or they didn't hire anyone with the expertise (cheaped out)

[–] [email protected] 15 points 9 months ago

Saw this coming several miles away.

[–] [email protected] 9 points 9 months ago

Hmm … that was fast.

[–] [email protected] 7 points 9 months ago

I think I'm going to start calling them "Things I would buy from this company.".

[–] [email protected] 4 points 9 months ago

Apparently worse than I originally thought from what I understand now they logged every message sent and kept all files accessible including documents, photos, videos etc.

[–] [email protected] 4 points 9 months ago

“Sorry Tim”